Tuesday, March 6, 2018

Last Friday in SANS NewsBites, I saw an article talking about how NSA has not taken any action against the reported Russian cyber influence operations in US elections. Many laypeople have commented to me that the US can’t continue to operate in an environment other countries can try to influence our elections. But my follow up question to them is always “how would you fix this?” The answers often start out strong, but when we dig into them a little, we find out there are significant problems with implementation.
*Full disclosure: I’m on the editorial board for SANS NewsBites. You should subscribe and use it for expert opinions on cybersecurity news.

Influence operations in cyberspace are a form of asymmetric warfare. As we have learned from Facebook’s identification of advertising buys by Russian organizations, the cost to launch an influence operation is low. Unfortunately, the cost to counter an influence operation is very high. There are very limited options to counter a cyber influence operation and they all have serious problems. We intentionally won’t address the legal issues with each – let’s assume that the legislature will clear any legal hurdles that need to be addressed.

Options for dealing with cyber influence operations

Counter with your own influence operations to negate undue influence from foreign actors

Hack those performing the cyber influence operations and prevent them from performing the operations

Sanctions or other political pressure against those conducting the cyber influence operations

Conduct cyber influence operations against the aggressor hoping for a “cyber cease fire”

Force the platforms used for influence to limit their susceptibility to such operations